Systems and methods for assessing security for a network of assets and providing recommendations

US 9,270,694 B2
Filed: 05/21/2013
Issued: 02/23/2016
Est. Priority Date: 05/21/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for determining an objective security assessment for a network, the method comprising:

determining computer assets in the network;

determining an actual deployment of counter measures associated with the network, wherein the counter measures address potential security threats to the network;

determining, by a processor, an overall security score for the network based at least in part on the actual deployment of the counter measures and an effectiveness of the counter measures;

determining at least one recommendation for improving the overall security score; and

outputting the at least one recommendation and the overall security score,wherein the overall security score comprises a security score of each of the counter measures associated with the computer assets, the security score of each of the counter measures being based at least in part on an actual effectiveness score that represents the actual deployment of each of the counter measures and a possible effectiveness score that represents a possible deployment of each of the counter measures, andwherein outputting the at least one recommendation and the overall security score further comprises outputting the security score of each of the counter measures deployed on the computer assets.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security assessment tool can determine computer assets in a network and provide an overall security score for the network. The overall security score can represent an objective measure of the security of the network that considers potential security threats to the computer assets, counter measures deployed in the network to address the potential security threats, and the effectiveness of the counter measures. Based on the overall security assessment, the security assessment tool can provide recommendations for improving the security of the network.

10 Citations

View as Search Results

39 Claims

1. A computer-implemented method for determining an objective security assessment for a network, the method comprising:
- determining computer assets in the network;
  
  determining an actual deployment of counter measures associated with the network, wherein the counter measures address potential security threats to the network;
  
  determining, by a processor, an overall security score for the network based at least in part on the actual deployment of the counter measures and an effectiveness of the counter measures;
  
  determining at least one recommendation for improving the overall security score; and
  
  outputting the at least one recommendation and the overall security score,wherein the overall security score comprises a security score of each of the counter measures associated with the computer assets, the security score of each of the counter measures being based at least in part on an actual effectiveness score that represents the actual deployment of each of the counter measures and a possible effectiveness score that represents a possible deployment of each of the counter measures, andwherein outputting the at least one recommendation and the overall security score further comprises outputting the security score of each of the counter measures deployed on the computer assets.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer-implemented method of claim 1, the method further comprising:
    - determining, at a later time, a change in the actual deployment of the counter measures; and
      
      determining a new overall security score for the network based at least in part on the change in the actual deployment and the effectiveness of the counter measures.
  - 3. The computer-implemented method of claim 2, the method further comprising:
    - outputting the new overall security score;
      
      outputting a change in the new overall security score relative to the overall security score; and
      
      outputting at least one new recommendation for improving the overall security score.
  - 4. The computer-implemented method of claim 2, wherein the change in the actual deployment corresponds to at least one of a performance of the at least one recommendation and a change in the computer assets in the network.
  - 5. The computer-implemented method of claim 1, wherein determining the assets in the computer network comprises at least one of:
    - scanning the network for one or more of the computer assets; and
      
      receiving, via an interface, an identification of one or more of the computer assets.
  - 6. The computer-implemented method of claim 1, wherein determining the actual deployment of counter measures comprises:
    - determining security information of the computer assets, wherein the security information comprises at least one of identification of security software installed on the computer assets, vulnerabilities on the computer assets, system settings of the computer assets, security settings of the computer assets, configuration policies of the computer assets, security policies of the computer assets, access information for the computer assets, details of software installed on the computer assets, and a comparison of the access information and the security setting for the computer assets;
      
      determining, based at least in part on the security information, at least one of the counter measures associated with the network; and
      
      determining, based at least in part on the security information, a coverage of the at least one of the counter measures within the network.
  - 7. The computer-implemented method of claim 6, wherein determining the security information comprises at least one of:
    - receiving, via an interface, a portion of the security information from a user; and
      
      automatically discovering a portion of the security information.
  - 8. The computer-implemented method of claim 1, wherein the actual effectiveness and the possible effectiveness of the counter measures is based on at least one of:
    - empirical testing of counter measures versus actual security threats;
      
      survey of security experts including commonly understood best practices; and
      
      results of findings by security research organizations.
  - 9. The computer-implemented method of claim 1, wherein the at least one recommendation comprises at least one of deploying a new counter measure, changing a security setting of the computer assets, changing a system setting of the computer assets, changing a security policy of the computer assets, updating software of the computer assets, installing security software on the computer assets, and improving access information for the computer assets.
  - 10. The computer-implemented method of claim 1, the method further comprising:
    - receiving, via an interface, a selection of the at least one recommendation; and
      
      outputting instructions for implementing the at least one recommendation.
  - 11. The computer-implemented method of claim 1, the method further comprising:
    - determining an amount that each of the potential security threats contributes to the overall security score;
      
      ranking each of the potential security threats based at least in part on one of the frequency of the threat in empirical testing, the potential impact of the threat, or likelihood of the threat succeeding to determine the amount that each of the potential security threats contributes to the overall security score; and
      
      outputting the potential security threats ordered according to the ranking.
  - 12. The computer-implemented method of claim 11, the method further comprising:
    - receiving, via an interface, at least one of the potential security threats that is a priority;
      
      re-ranking each of the potential security threats based at least in part on the at least one of the potential security threats being a priority; and
      
      outputting the potential security threats ordered according to the re-ranking.
  - 13. The computer-implemented method of claim 1, wherein the computer assets comprises at least one of a physical computer system, physical computer hardware, and a virtual computer system.

14. A system for determining an objective security assessment, the system comprising:
- a network interface to a network of computer assets;
  
  one or more memory device storing instructions; and
  
  one or more processors coupled to the network interface and the one or more memory devices, the one or more processors being configured to execute the instructions to perform a method comprising;
  
  determining computer assets in the network;
  
  determining an actual deployment of counter measures associated with the network, wherein the counter measures address potential security threats to the network;
  
  determining an overall security score for the network based at least in part on the actual deployment of the counter measures and an effectiveness of the counter measures;
  
  determining at least one recommendation for improving the overall security score; and
  
  outputting the at least one recommendation and the overall security score,wherein the overall security score comprises a security score of each of the counter measures associated with the computer assets, the security score of each of the counter measures being based at least in part on an actual effectiveness score that represents the actual deployment of each of the counter measures and a possible effectiveness score that represents a possible deployment of each of the counter measures, andwherein outputting the at least one recommendation and the overall security score further comprises outputting the security score of each of the counter measures deployed on the computer assets.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The system of claim 14, wherein the one or more processors are configured to execute the instructions to perform the method further comprising:
    - determining, at a later time, a change in the actual deployment of the counter measures; and
      
      determining a new overall security score for the network based at least in part on the change in the actual deployment and the effectiveness of the counter measures.
  - 16. The system of claim 15, wherein the one or more processors are configured to execute the instructions to perform the method further comprising:
    - outputting the new overall security score;
      
      outputting a change in the new overall security score relative to the overall security score; and
      
      outputting at least one new recommendation for improving the overall security score.
  - 17. The system of claim 15, wherein the change in the actual deployment corresponds to at least one of a performance of the at least one recommendation and a change in the computer assets in the network.
  - 18. The system of claim 14, wherein determining the assets in the computer network comprises at least one of:
    - scanning the network for one or more of the computer assets; and
      
      receiving, via an interface, an identification of one or more of the computer assets.
  - 19. The system of claim 14, wherein determining the actual deployment of counter measures comprises:
    - determining security information of the computer assets, wherein the security information comprises at least one of identification of security software installed on the computer assets, vulnerabilities on the computer assets, system settings of the computer assets, security settings of the computer assets, configuration policies of the computer assets, security policies of the computer assets, access information for the computer assets, details of software installed on the computer assets, and a comparison of the access information and the security setting for the computer assets;
      
      determining, based at least in part on the security information, at least one of the counter measures associated with the network; and
      
      determining, based at least in part on the security information, a coverage of the at least one of the counter measures within the network.
  - 20. The system of claim 19, wherein determining the security information comprises at least one of:
    - receiving, via an interface, a portion of the security information from a user; and
      
      automatically discovering a portion of the security information.
  - 21. The system of claim 14, wherein the actual effectiveness and the possible effectiveness of the counter measures is based on at least one of:
    - empirical testing of counter measures versus actual security threats;
      
      survey of security experts including commonly understood best practices; and
      
      results of findings by security research organizations.
  - 22. The system of claim 14, wherein the at least one recommendation comprises at least one of deploying a new counter measure, changing a security setting of the computer assets, changing a system setting of the computer assets, changing a security policy of the computer assets, updating software of the computer assets, installing security software on the computer assets, and improving access information for the computer assets.
  - 23. The system of claim 14, wherein the one or more processors are configured to execute the instructions to perform the method further comprising:
    - receiving, via an interface, a selection of the at least one recommendation; and
      
      outputting instructions for implementing the at least one recommendation.
  - 24. The system of claim 14, wherein the one or more processors are configured to execute the instructions to perform the method further comprising:
    - determining an amount that each of the potential security threats contributes to the overall security score;
      
      ranking each of the potential security threats based at least in part on one of the frequency of the threat in empirical testing, the potential impact of the threat, or likelihood of the threat succeeding to determine the amount that each of the potential security threats contributes to the overall security score; and
      
      outputting the potential security threats ordered according to the ranking.
  - 25. The system of claim 24, wherein the one or more processors are configured to execute the instructions to perform the method further comprising:
    - receiving, via an interface, at least one of the potential security threats that is a priority;
      
      re-ranking each of the potential security threats based at least in part on the at least one of the potential security threats being a priority; and
      
      outputting the potential security threats ordered according to the re-ranking.
  - 26. The system of claim 14, wherein the computer assets comprises at least one of a physical computer system, physical computer hardware, and a virtual computer system.

27. A non-transitory computer readable storage medium comprising instructions for causing one or more processors to perform a method for determining an objective security assessment for a network, the method comprising:
- determining computer assets in the network;
  
  determining, by a security assessment tool, an actual deployment of counter measures associated with the network, wherein the counter measures address potential security threats to the network;
  
  determining, by a processor, an overall security score for the network based at least in part on the actual deployment of the counter measures and an effectiveness of the counter measures;
  
  determining at least one recommendation for improving the overall security score; and
  
  outputting the at least one recommendation and the overall security score,wherein the overall security score comprises a security score of each of the counter measures associated with the computer assets, the security score of each of the counter measures being based at least in part on an actual effectiveness score that represents the actual deployment of each of the counter measures and a possible effectiveness score that represents a possible deployment of each of the counter measures, andwherein outputting the at least one recommendation and the overall security score further comprises outputting the security score of each of the counter measures deployed on the computer assets.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 28. The non-transitory computer readable storage medium of claim 27, the method further comprising:
    - determining, at a later time, a change in the actual deployment of the counter measures; and
      
      determining a new overall security score for the network based at least in part on the change in the actual deployment and the effectiveness of the counter measures.
  - 29. The non-transitory computer readable storage medium of claim 28, the method further comprising:
    - outputting the new overall security score;
      
      outputting a change in the new overall security score relative to the overall security score; and
      
      outputting at least one new recommendation for improving the overall security score.
  - 30. The non-transitory computer readable storage medium of claim 28, wherein the change in the actual deployment corresponds to at least one of a performance of the at least one recommendation and a change in the computer assets in the network.
  - 31. The non-transitory computer readable storage medium of claim 27, wherein determining the assets in the computer network comprises at least one of:
    - scanning the network for one or more of the computer assets; and
      
      receiving, via an interface, an identification of one or more of the computer assets.
  - 32. The non-transitory computer readable storage medium of claim 27, wherein determining the actual deployment of counter measures comprises:
    - determining security information of the computer assets, wherein the security information comprises at least one of identification of security software installed on the computer assets, vulnerabilities on the computer assets, system settings of the computer assets, security settings of the computer assets, configuration policies of the computer assets, security policies of the computer assets, access information for the computer assets, details of software installed on the computer assets, and a comparison of the access information and the security setting for the computer assets;
      
      determining, based at least in part on the security information, at least one of the counter measures associated with the network; and
      
      determining, based at least in part on the security information, a coverage of the at least one of the counter measures within the network.
  - 33. The non-transitory computer readable storage medium of claim 32, wherein determining the security information comprises at least one of:
    - receiving, via an interface, a portion of the security information from a user; and
      
      automatically discovering a portion of the security information.
  - 34. The non-transitory computer readable storage medium of claim 27, wherein the actual effectiveness and the possible effectiveness of the counter measures is based on at least one of:
    - empirical testing of counter measures versus actual security threats;
      
      survey of security experts including commonly understood best practices; and
      
      results of findings by security research organizations.
  - 35. The non-transitory computer readable storage medium of claim 27, wherein the at least one recommendation comprises at least one of deploying a new counter measure, changing a security setting of the computer assets, changing a system setting of the computer assets, changing a security policy of the computer assets, updating software of the computer assets, installing security software on the computer assets, and improving access information for the computer assets.
  - 36. The non-transitory computer readable storage medium of claim 27, the method further comprising:
    - receiving, via an interface, a selection of the at least one recommendation; and
      
      outputting instructions for implementing the at least one recommendation.
  - 37. The non-transitory computer readable storage medium of claim 27, the method further comprising:
    - determining an amount that each of the potential security threats contributes to the overall security score;
      
      ranking each of the potential security threats based at least in part on one of the frequency of the threat in empirical testing, the potential impact of the threat, or likelihood of the threat succeeding to determine the amount that each of the potential security threats contributes to the overall security score; and
      
      outputting the potential security threats ordered according to the ranking.
  - 38. The non-transitory computer readable storage medium of claim 37, the method further comprising:
    - receiving, via an interface, at least one of the potential security threats that is a priority;
      
      re-ranking each of the potential security threats based at least in part on the at least one of the potential security threats being a priority; and
      
      outputting the potential security threats ordered according to the re-ranking.
  - 39. The non-transitory computer readable storage medium of claim 27, wherein the computer assets comprises at least one of a physical computer system, physical computer hardware, and a virtual computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rapid7 (Rapid7, Inc.)
Original Assignee
Rapid7 (Rapid7, Inc.)
Inventors
Loder, Chad, Wolf, Dana Elizabeth, Hathaway, Matthew Robert
Primary Examiner(s)
HO, DAO Q

Application Number

US13/899,117
Publication Number

US 20140351940A1
Time in Patent Office

1,008 Days
Field of Search

726/25
US Class Current

1/1
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/577   Assessing vulnerabilities a...

G06F 9/45558   Hypervisor-specific managem...

H04L 41/082   the condition being updates...

H04L 41/0856   by backing up or archiving ...

H04L 41/0893   Assignment of logical group...

H04L 63/1433   Vulnerability analysis

Systems and methods for assessing security for a network of assets and providing recommendations

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for assessing security for a network of assets and providing recommendations

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links